-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 20.02.2013 17:40, schrieb Nick Jennings:
I do not agree with guys saying the browser is an unpredictable environment. You always assume some part working correctly (OS most of the times) so why not the browser? You can not verify the client source code on load easily, because you have to load the verification code ... this leads to some kind of chicken-egg problem. If you have loaded your verification code, who tells you it was not tampered with. Of course you can use ssl or hope that one day js code signing will be a possibility too but until then as soon as you load one unsigned js file, there is no true verification. Regards, Nils -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJRJk/9AAoJECvXQ9f0b0HoCW4H/ivz8cyaLUdZAx3X4TQUE8dV E0vTtLVFNbHRdjknwuE8fF9+a9ugg1g411a8J8aB8H9qYtDpK1o+2mv+vno+F5yX b9nxmCaxJwbONFHMLHSmxvvlhcDTZ3Ab9JMtFZvnmgxHH1trOOtmjsM6rbxrGHDe gDVw4mlv4Hy880go0QMI1MqgmPM+nzhDzvXwjETHBNSfMzSSD5QTaVpRQymznyB+ vMxF9aQQ2QNakVDoc1UCkGALDs5opOiAB9z4FmKBIjHUyU41k2MmMMeFYROxyoEt 0j+OxOndtnYTWW16BUAEVin5R7ihl26C1rjWI9tJrD9p8eeTUnU5/yI1gXg5lB0= =sRkh -----END PGP SIGNATURE----- _______________________________________________ http://openpgpjs.org
